CVE-2012-5614

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 03-12-2012 01:49

Last modified: - 29-08-2022 10:56

Total changes: - 2

Description

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.0

Base score

8.0

2.9

Exploitability score

Impact score

Verification logic

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=882607
https://mariadb.atlassian.net/browse/MDEV-3910
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday-Mailing List, Third Party Advisory
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday-Mailing List, Third Party Advisory
20121201 MySQL Denial of Service Zeroday PoC-Exploit, Mailing List, Third Party Advisory
1027829-Broken Link, Third Party Advisory, VDB Entry
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
RHSA-2013:0772-Third Party Advisory
MDVSA-2013:150-Broken Link
GLSA-201308-06-Third Party Advisory
53372-Not Applicable

Keywords

CVE-2012-5614

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-5614

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures